What’s New: Query line numbering, Azure Sentinel in the schema pane

This post has been republished via RSS; it originally appeared at: Azure Sentinel articles.

This installment is part of a broader series to keep you up to date with the latest features in Azure Sentinel. The installments will be bite-sized to enable you to easily digest the new content.

Every second counts. Some security incidents are unstoppable, but when prevention isn’t possible, the right investigation and response is everything. To help SOC analysts quickly reason over large volumes of security data, we are delighted to introduce a set of enhancements that enrich and improve the investigation experience in Azure Sentinel.

Enable Line Numbers to Aid Quicker Debugging of Your Azure Sentinel KQL Queries

The Azure Monitor team released a new capability that improves the way your SOC analysts reason over and monitor the critical security data ingested into Azure Sentinel. To enable quicker debugging of KQL queries in the Log Analytics workspace, analysts can now turn on line numbers in the query editor to quickly identify the line in which an error exists.

With this enhancement, when creating a Log Analytics query, each row in the query editor is indicated by a number:

rownumbers2.jpg

This makes it easier to find the part of the query you need when composing a new query. The new line numbers work in tandem with our new error messages.

If there's an error in the query an analyst composed, our newly designed error messages indicate the row where the issue was found. Row numbers in the query editor make it faster and easier to locate the issue and provide guidance to rectify the error.

errorquery.jpg

How to enable:

Open the Settings panel by clicking the Settings cog icon, then use the switch to turn row numbers on or off.

rownumberenable.gif

Azure Sentinel in the logs screen schema

Small, but nevertheless important: the schema pane of the logs screen, both in Sentinel and in Log Analytics, now reads “Azure Sentinel” rather than “SecurityInsights”. This will help your SOC analysts easily identify all the data tables under the Azure Sentinel solution.

azuresentinelschema.png

Get started today!

We encourage you to leverage these new enhancements to aid in debugging queries and to improve the investigation experience in Azure Sentinel.

Try it out, and let us know what you think!
